SAML (Security Assertion Markup Language), standardized by the standards body OASIS, is a technical specification for exchanging information about users between businesses over a network. FIG. 22 is a configuration diagram illustrating one example of a certificate generation and distribution system that uses SAML, as disclosed in NPL 1.
In the certificate generation and distribution system illustrated in FIG. 22, an identity provider (hereinafter IdP) 100, a service provider (hereinafter SP) 101 and a user agent (software on the user's terminal device) 102 are connected through a network. The following describes, as an exemplary operation of a system having this configuration, the procedure for generating and distributing a certificate by means of the SAML artifact profile. In the example illustrated in FIG. 22, suppose that IdP100 and SP101 each retain user information (103 and 104, respectively) in their storage devices about the user who operates the user agent 102.
In the certificate generation and distribution system illustrated in FIG. 22, the user accesses SP101 through the user agent 102 in order to use a service to which SP101 restricts access (Step (1) in FIG. 22). To obtain a certificate for the user, SP101 issues a certificate request message addressed to IdP100 (Step (2-a) in FIG. 22), and the user agent 102 redirects that message from SP101 to IdP100 (Step (2-b) in FIG. 22). IdP100 uses the user information 103 to produce a certificate (assertion) written in XML (Extensible Markup Language) (Step (3) in FIG. 22). IdP100 also produces an artifact, which serves as a ticket corresponding to the assertion, and returns the artifact to the user agent 102 (Step (4-a) in FIG. 22). The user agent 102 redirects the artifact to SP101 (Step (4-b) in FIG. 22).
SP101 transmits the received artifact to IdP100 and requests the corresponding assertion (Step (5) in FIG. 22). IdP100 confirms the artifact received from SP101 and returns the corresponding assertion to SP101 (Step (6) in FIG. 22). SP101 checks the validity of the assertion received from IdP100, consults its own security policy, and determines whether to allow the user's request to access the service. When the request is allowed, the service is provided to the user agent 102 (Step (7) in FIG. 22).
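The artifact profile exchange above, simulated end to end as an added example (not code from NPL 1 or from any SAML implementation): the IdP issues an XML assertion and a single-use artifact bound to the requesting SP, the SP resolves the artifact and then validates issuer, audience and expiry before applying its own policy. Entity IDs, attribute names and the `role`-based policy are constructed for the demonstration.

```python
import secrets
import time
import xml.etree.ElementTree as ET


class IdP:
    """Simulated IdP100: builds assertions and hands out single-use artifacts."""

    def __init__(self, entity_id, user_info):
        self.entity_id = entity_id
        self.user_info = user_info      # constructed stand-in for user information 103
        self._artifacts = {}            # artifact -> (sp_entity_id, assertion XML)

    def authn_request(self, sp_entity_id, user):
        """Steps (3)/(4-a): produce the XML assertion, return an opaque artifact."""
        root = ET.Element("Assertion", Issuer=self.entity_id, Subject=user,
                          Audience=sp_entity_id,
                          NotOnOrAfter=str(int(time.time()) + 300))
        for name, value in self.user_info[user].items():
            ET.SubElement(root, "Attribute", Name=name).text = value
        artifact = secrets.token_urlsafe(24)
        self._artifacts[artifact] = (sp_entity_id, ET.tostring(root, encoding="unicode"))
        return artifact

    def resolve(self, artifact, requester):
        """Steps (5)/(6): the artifact is consumed on first use and only by the SP it was issued for."""
        sp_id, xml = self._artifacts.pop(artifact, (None, None))
        return xml if sp_id == requester else None


class SP:
    """Simulated SP101: resolves the artifact, validates the assertion, enforces policy."""

    def __init__(self, entity_id, idp, allowed_roles):
        self.entity_id, self.idp, self.allowed_roles = entity_id, idp, allowed_roles

    def consume_artifact(self, artifact, now=None):
        """Step (4-b) onward. Returns (allowed, reason)."""
        xml = self.idp.resolve(artifact, self.entity_id)
        if xml is None:
            return False, "unknown, already-used or misdirected artifact"
        a = ET.fromstring(xml)
        now = time.time() if now is None else now
        if a.get("Issuer") != self.idp.entity_id:
            return False, "untrusted issuer"
        if a.get("Audience") != self.entity_id:
            return False, "assertion not addressed to this SP"
        if now >= int(a.get("NotOnOrAfter")):
            return False, "assertion expired"
        role = next((e.text for e in a if e.get("Name") == "role"), None)
        if role not in self.allowed_roles:   # SP101's own security policy
            return False, "policy denies role %r" % role
        return True, "access granted to %s" % a.get("Subject")
```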
As described above, IdP100 generates a certificate concerning the user and distributes it to SP101. Information about the user who accesses SP101 can be recorded in the certificate distributed by IdP100, for example user identifier information, information about the service area of the certificate (that is, the businesses that accept the certificate after distribution), classified information about the user, or other kinds of information.
PTL 1 discloses an example of a system for managing the transfer of access rights. FIG. 23 is an explanatory diagram illustrating an access management system that realizes the transfer of rights as disclosed in PTL 1. The example illustrated in FIG. 23 is a system that manages the transfer of rights between a member of an organization A (110) and a member of an organization B (111). In the organization A, a resource 113 is controlled. In the organization B, a resource 113 is likewise controlled, and there is a resource access person 115 who accesses the resource 113.
The following describes the operation of the access management system illustrated in FIG. 23. First, an administrator 112 of the organization A transmits credit information to an administrator 114 of the organization B (Step (1) in FIG. 23). The credit information describes the conditions (the conditions for the transfer of rights) under which the resource access person 115 of the organization B may access the resource in place of the administrator of the organization A. The following description assumes that the resource access person 115 satisfies those conditions. Next, the administrator 114 of the organization B issues credit information to the resource access person 115 of the organization B on behalf of the administrator 112 of the organization A (Step (2) in FIG. 23). The credit information issued by the administrator 114 of the organization B includes the credit information issued by the administrator 112 of the organization A. The resource access person 115 of the organization B then transmits an access request message, together with the credit information issued by the administrator 114 of the organization B, to the resource 113 of the organization A (Step (3) in FIG. 23). The resource 113 of the organization A determines whether to allow access on the basis of the credit information transmitted by the resource access person 115 of the organization B and returns the result to the resource access person 115 of the organization B.
As described above, the administrator 112 of the organization A transmits the information for proxy access to the organization B, the counterpart to which the access right is transferred, and the transfer of the access right is thereby realized.
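The nested credit information of Steps (1) to (3), as an added example that is not from PTL 1: each credential names its issuer, subject, resource and permitted actions and embeds the upstream credential; the resource verifies the chain back to the trusted administrator of the organization A, checks that each issuer was itself the subject of the credential above it, and treats the delegated rights as the intersection of every link, so the administrator of the organization B cannot grant more than it received. The HMAC keys, party names and action set are constructed for the demonstration.

```python
import hashlib
import hmac
import json

# Constructed demo keys; in a real deployment each administrator would sign with its own key.
KEYS = {"admin-A": b"constructed-key-A", "admin-B": b"constructed-key-B"}


def _sig(issuer, body):
    canonical = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[issuer], canonical, hashlib.sha256).hexdigest()


def issue(issuer, subject, resource, actions, parent=None):
    """Credit information: issuer lets subject perform actions on resource; parent embeds the upstream credential."""
    body = {"issuer": issuer, "subject": subject, "resource": resource,
            "actions": sorted(actions), "parent": parent}
    return {"body": body, "sig": _sig(issuer, body)}


def verify_chain(cred, trusted_root, requester, resource, action):
    """Decision made by resource 113: walk from the presented credential back to the trusted root."""
    if cred["body"]["subject"] != requester:
        return False, "credential not issued to requester"
    allowed = None
    while True:
        body = cred["body"]
        if body["issuer"] not in KEYS or not hmac.compare_digest(cred["sig"], _sig(body["issuer"], body)):
            return False, "bad signature from %s" % body["issuer"]
        if body["resource"] != resource:
            return False, "credential is for a different resource"
        acts = set(body["actions"])
        allowed = acts if allowed is None else allowed & acts   # each hop can only narrow rights
        parent = body["parent"]
        if parent is None:
            if body["issuer"] != trusted_root:
                return False, "chain does not end at trusted administrator"
            break
        if parent["body"]["subject"] != body["issuer"]:
            return False, "%s was not delegated rights by %s" % (body["issuer"], parent["body"]["issuer"])
        cred = parent
    if action not in allowed:
        return False, "action %r outside delegated rights" % action
    return True, "access granted"
```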